Privacy policy

Privacy Policy for Maram.org.in

Effective Date: 1st July 2025

This Privacy Policy describes how Maram.org.in (“we,” “us,” or “our”) collects, uses, processes, and discloses your information when you access or use our website, services, and products. Our organization is committed to protecting your privacy and handling data transparently in accordance with applicable Indian laws.

1. Introduction & Scope

This policy informs users about our methods for collecting, using, and safeguarding personal data. Its primary purpose is to maintain transparency, foster user trust, and ensure strict adherence to the legal framework governing e-commerce and data protection in India. Transparent data handling is a strategic asset that helps build long-term customer relationships and aligns with the Consumer Protection (E-Commerce) Rules, 2020, which aim to "develop faith between businesses and consumers".

This policy applies to all users and visitors of Maram.org.in, including those who browse, create an account, or purchase goods and services. The scope covers all digital transactions, whether for physical or digital products, and applies to both marketplace and inventory e-commerce models.

Our data processing activities are governed by key Indian laws:

· The Digital Personal Data Protection Act (DPDPA), 2023: This legislation defines the obligations of data fiduciaries (like Maram.org.in) and the rights of data principals (users). It mandates principles of consent, data minimization, and accountability.

· The Information Technology Act, 2000, and the SPDI Rules, 2011: These laws form the foundational framework for cybercrime and data security practices. While the DPDPA is expected to supersede some of these provisions, we remain fully compliant with all currently applicable laws.

· The Consumer Protection (E-Commerce) Rules, 2020: These rules ensure transparency, promote fair trade practices, and establish grievance redressal mechanisms for online transactions.

· The Indian Contract Act, 1872: This Act provides the legal basis for contracts and defines user eligibility for services.

This policy is a "living document," structured to adhere to the current legal environment while anticipating future changes as the DPDPA is progressively implemented.

2. Information We Collect

We collect various types of information to facilitate and enhance our services. The categories of personal data collected are designed to enable efficient service delivery and improve user experience.

· Identity Data: First name, last name, username, title, date of birth, and gender.

· Contact Data: Billing address, delivery address, email address, and phone numbers.

· Financial Data: Details related to bank accounts, credit/debit cards, or other payment instruments.

· Transaction Data: Information on payments and details of products/services purchased.

· Technical Data: IP address, login data, browser information, operating system, and other device-related information.

· Usage Data: Information on how you interact with our website, such as browsing patterns, product views, and wishlist items.

· Marketing & Communications Data: Your preferences for receiving marketing communications.

· Profile Data: Username, password, purchase history, interests, and feedback.

· Sensitive Personal Data or Information (SPDI): This may include passwords or specific financial details. We obtain explicit consent before collecting or processing any sensitive data.

Information is collected through:

· Direct Interactions: You provide data directly when creating an account, placing an order, or contacting customer support.

· Automated Technologies: Technical and Usage Data are collected automatically using cookies and similar tracking technologies as you interact with the website.

· Third Parties: We may receive data from third parties like social media platforms (if you use social login), payment gateway providers, and analytics providers.

3. How We Use Your Information (Purposes of Processing)

We process personal data for various legitimate purposes, ensuring each use aligns with legal requirements and enhances the user experience.

· Order Fulfillment & Service Delivery: To process orders, manage payments, and facilitate delivery.

· Account Management: To administer user accounts and store preferences.

· Customer Support: To respond to inquiries and resolve issues.

· Personalization & User Experience: To tailor your experience and offer product recommendations.

· Marketing & Promotions: To send relevant marketing communications, for which explicit consent is required.

· Website Improvement & Analytics: To enhance website functionality and optimize services based on usage data.

· Legal Compliance & Fraud Prevention: To adhere to legal obligations and prevent fraudulent activities.

The Indian legal framework, including the DPDPA, requires consent to be "free, specific, informed, unconditional and unambiguous with a clear affirmative action," which prohibits pre-ticked checkboxes. We provide clear notice about the data collected and its purpose before obtaining consent, and you can withdraw consent at any time.

4. Disclosure and Sharing of Information

We may share your information with third parties under specific circumstances, always ensuring compliance with legal obligations and data protection principles.

· Third-Party Service Providers: We share data with third parties like payment processors, logistics partners, and marketing platforms to operate our services. The DPDPA mandates "valid contracts" with these data processors. We ensure all such relationships involve strict Data Processing Agreements (DPAs) that legally bind them to uphold our data protection standards.

· Cross-Border Data Transfers: The DPDPA permits data transfers outside India, but the government may create a "negative list" of restricted countries. We ensure all such transfers strictly comply with Indian law, including any future restrictions.

· Legal Requirements & Business Transfers: We may disclose information if legally mandated (e.g., in response to a court order) or as part of a business restructuring like a merger or acquisition.

5. Data Security Measures

We prioritize the security of your personal data through robust technical and organizational safeguards. We maintain "reasonable security practices and procedures" to protect data from unauthorized access, use, or disclosure.

· Safeguards: We use secure payment systems with industry-standard encryption and multi-factor authentication. Data encryption and access control mechanisms are in place, and we conduct regular cybersecurity audits. We adopt a "Privacy by Design" approach, integrating privacy into our system's design from the outset.

· Data Breach Notification: In the event of a data breach, the DPDPA mandates prompt notification to both the Data Protection Board and affected users. We are obligated to provide detailed information about the breach and mitigation measures within 72 hours of becoming aware of the incident.

6. Your Rights as a Data Principal

As a data principal, you have specific rights concerning your personal data under Indian law.

· Right to Access, Correction, and Erasure: You can obtain a summary of your data, request the correction of inaccurate or incomplete data, and ask for the erasure of data when it is no longer needed.

· Right to Grievance Redressal: You have the right to file complaints with us if you believe your data rights have been violated. If you are unsatisfied with our resolution, you can escalate the issue to the Data Protection Board of India.

· Right to Nominate: The DPDPA gives you the right to nominate another person to exercise your data rights in the event of your death or incapacity.

· Withdrawal of Consent: You can withdraw your consent for data processing at any time, with the process being as easy as giving it.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and gather data.

· Explanation: Cookies are small data files stored in your browser that can remember your login sessions or shopping cart items. These can collect personal data like IP addresses and browsing history.

· Consent: The DPDPA's consent requirements implicitly cover these technologies. We use a robust cookie consent management platform (CMP) that provides clear, granular opt-in options for different categories of cookies. We require clear and specific consent before using non-essential cookies and make it easy for you to withdraw consent.

8. Children’s Privacy

We place significant importance on protecting the privacy of children under 18. Parental consent is mandatory for processing a child's personal data. The DPDPA also prohibits processing children's data in a way that could cause them harm, including targeted advertising. If our services could involve data collection from minors, we implement robust age verification and parental consent mechanisms.

9. Grievance Redressal Mechanism

We maintain a robust and accessible grievance redressal mechanism.

· Grievance Officer: In compliance with Indian law, we have appointed a dedicated Grievance Officer whose name, contact details, and designation are prominently displayed on the platform.

· Process: The Grievance Officer will acknowledge complaints within 48 hours and resolve them within one month. You can register complaints via phone, email, or through the website.

10. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in legal requirements or operational practices. For any material changes, particularly those that alter the purpose of data collection, we will notify users via email or prominent website banners. We may need to re-obtain explicit consent for such changes.

11. Contact Us

For any questions or concerns regarding this policy, please contact us.

· Grievance Officer Details:

o Name: Grievance Officer

o Email: info@maram.org.in

o Phone: +91-9310008565

· General Contact: